
Add new SSH host key types #1429

Merged
merged 4 commits into from
Oct 25, 2022

@flaix flaix commented Oct 24, 2022

Add ECDSA and EdDSA (i.e. Ed25519) SSH host keys. This allows clients to connect to the server with ECDSA or Ed25519, which is good for users using OpenSSH 8.8 and higher which has ssh-rsa disabled. This means they do not have to resort to work-arounds, enabling it again.

The ssh-dsa host key is no longer generated with new installations, but existing ones will still be used. To remove support for an existing ssh-dsa host key simply delete the file ssh-dsa-hostkey.pem.

This PR resolves issue #1354.

flaix added 4 commits October 25, 2022 00:01
The version 1.69 is chosen instead of 1.70, because the moxie build
would not download the jars, trying to download `...1.7.jar` instead.

Three class deprecations are fixed. `PEMWriter` and `X509Extension`
are replaced with their drop-in replacements `JcaPEMWriter` and
`Extension`. The `PasswordFinder` deprecation note says that "it is
no longer used". It also was never used in Gitblit's code, so it is
removed from the key pair provider class.

Create new host keys, one with ECDSA and one with Ed25519 algorithms.
For the Ed25519 currently the EdDSA library from i2p is used. This
requires some quirks, compared to a modern BouncyCastle. But the SSHD
library used cannot use BouncyCastle yet for Ed25519.

No DSA key is generated anymore, but we still support existing ones.

Since we now do not generate a DSA host key file anymore, but keep it in
the list of potential keys so that existing keys still work, it can
happen that the files for DSA (and Ed25519) are getting loaded but they
do not exist. This results in an error in the log.
So instead check if the file exists and only try to load files that
exist. This prevents errors (which are none) from being spammed in the
log.
@flaix flaix added this to the 1.10.0 milestone Oct 24, 2022
@flaix flaix linked an issue Oct 24, 2022 that may be closed by this pull request
@flaix flaix added the hacktoberfest-accepted label (Accepted Hacktoberfest contribution, will merge later.) Oct 25, 2022
@flaix flaix merged commit 7a2c589 into gitblit-org:master Oct 25, 2022
@flaix flaix deleted the ssh-host-algs branch October 25, 2022 16:22
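
The effect of the added host key types on negotiation with a client that has `ssh-rsa` disabled, as an added example that is not part of the pull request or of Gitblit's code. It parses the `server_host_key_algorithms` name-list from a constructed SSH `KEXINIT` payload and applies a simplified "first client preference the server offers" rule; the client list, the ECDSA curve and the server offers before and after the change are assumptions.

```python
import struct

SSH_MSG_KEXINIT = 20

# Constructed, abridged client preference list with no "ssh-rsa" entry,
# modelling an OpenSSH 8.8+ default as described in the PR.
MODERN_CLIENT = ["ssh-ed25519", "ecdsa-sha2-nistp256", "rsa-sha2-512", "rsa-sha2-256"]

def name_list(names):
    """Encode an RFC 4251 name-list: uint32 length + comma-separated ASCII."""
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data

def build_kexinit(host_key_algs):
    """Constructed server KEXINIT payload; only the host key list matters here."""
    lists = [["curve25519-sha256"], host_key_algs,
             ["aes128-ctr"], ["aes128-ctr"], ["hmac-sha2-256"], ["hmac-sha2-256"],
             ["none"], ["none"], [], []]
    body = b"".join(name_list(entry) for entry in lists)
    # type byte, 16-byte cookie (zeros here), lists, first_kex_packet_follows, reserved
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)

def server_host_key_algs(payload):
    """Return the server_host_key_algorithms list (2nd name-list) of a KEXINIT."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    off, lists = 17, []  # skip message type and cookie
    for _ in range(2):
        if off + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        if off + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[off:off + n].decode("ascii")
        lists.append(raw.split(",") if raw else [])
        off += n
    return lists[1]

def negotiate(client_algs, server_payload):
    """First client-preferred algorithm the server also offers, else None."""
    offered = server_host_key_algs(server_payload)
    return next((alg for alg in client_algs if alg in offered), None)

# Assumed offers: SHA-1 "ssh-rsa" and DSA only before the change;
# ECDSA (curve assumed) and Ed25519 added after it, existing DSA key kept.
BEFORE = build_kexinit(["ssh-rsa", "ssh-dss"])
AFTER = build_kexinit(["ecdsa-sha2-nistp256", "ssh-ed25519", "ssh-rsa", "ssh-dss"])

if __name__ == "__main__":
    for label, payload in (("before", BEFORE), ("after", AFTER)):
        print(label, "->", negotiate(MODERN_CLIENT, payload))
```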
Successfully merging this pull request may close these issues.

ssh: Support newer host key signatures